Q1:
Once you are federated using ADFS, all authentication happens at ADFS for on-prem synced users.
For cloud-only users, AuthN happens at Azure AD.
No trust/parent-child relationship is needed for the Federated AuthN model.
Federated AuthN is one of the Authentication models, the other two being PTA and PHS.
When you install AD Connect, there is an option called Federation with AD FS. As password sync is not expected.
Q2. What does AD Connect do for federated domains?
Picking the Federated option in Azure AD Connect will set the domain flag as federated rather than managed at Azure AD. It would set Azure AD to send the user AuthN back to ADFS.
Q3. Why do we need AD Connect in this case? AD Connect can sync passwords from on-premises to Azure AD, which can be synced to Azure AD DS, not the AD DS hosted on an Azure VM... I think?
- To sync on-prem users to the cloud you would still need Azure AD Connect.
- Also, to manage your tenant settings, AAD Connect is the best place.
Q4. Is it true that AD Connect cannot be used for password syncing between on-premises domain controllers, or between an on-premises domain and ADDS hosted on Azure VMs?
I see some confusion in the question:
Azure AD Connect will help you sync users + password hashes.
ADDS hosted on Azure VM - referring to the Azure ADDS service?
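A way to see the managed/federated flag the answer refers to, as an added example that is not part of the original post: the script lists every verified domain in the tenant, shows whether Azure AD validates credentials itself (Managed, i.e. PHS or PTA) or hands the sign-in to an external IdP such as ADFS (Federated), and for federated domains prints where that hand-off goes. It assumes the Microsoft.Graph PowerShell module is installed and the signed-in account has Domain.Read.All; the `$expectedIssuers` list is a placeholder you fill in with your own ADFS issuer URI(s).

```powershell
# Added example, not from the original post. Audits the per-domain
# authentication type that Azure AD Connect sets (Managed vs Federated)
# and the federation endpoints Azure AD will redirect users to.
# Assumes: Microsoft.Graph module installed, Domain.Read.All granted.
Import-Module Microsoft.Graph.Identity.DirectoryManagement

# Placeholder: the issuer URI(s) your own ADFS farm is known to use.
$expectedIssuers = @('http://adfs.example.invalid/adfs/services/trust')

Connect-MgGraph -Scopes 'Domain.Read.All' | Out-Null

$report = foreach ($d in Get-MgDomain) {
    if ($d.AuthenticationType -ne 'Federated') {
        # Managed domain: Azure AD checks the password hash (PHS) or asks the
        # PTA agent; no redirect to an on-prem IdP happens.
        [pscustomobject]@{
            Domain             = $d.Id
            AuthenticationType = $d.AuthenticationType
            IssuerUri          = $null
            PassiveSignInUri   = $null
            SigningCertThumb   = $null
            Expected           = $true
        }
        continue
    }

    # Federated domain: Azure AD sends the user to PassiveSignInUri and
    # trusts tokens signed by the certificate registered here.
    foreach ($f in Get-MgDomainFederationConfiguration -DomainId $d.Id) {
        $thumb = $null
        if ($f.SigningCertificate) {
            $raw  = [Convert]::FromBase64String($f.SigningCertificate)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
            $thumb = $cert.Thumbprint
        }
        [pscustomobject]@{
            Domain             = $d.Id
            AuthenticationType = $d.AuthenticationType
            IssuerUri          = $f.IssuerUri
            PassiveSignInUri   = $f.PassiveSignInUri
            SigningCertThumb   = $thumb
            Expected           = ($expectedIssuers -contains $f.IssuerUri)
        }
    }
}

$report | Format-Table -AutoSize

# A federated domain whose issuer is not one you configured means sign-ins
# for that domain are being validated somewhere you did not expect.
$report | Where-Object { -not $_.Expected } | ForEach-Object {
    Write-Warning "Unexpected federation on $($_.Domain): issuer $($_.IssuerUri)"
}
```

Run it from an account that can read directory domains; the `Expected` column is only as good as the `$expectedIssuers` list you supply, and the signing-certificate thumbprint lets you match the registered token-signing certificate against the one on your ADFS servers.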